Can the Army’s Strykers be hacked? Cyber vulnerabilities found in upgunned vehicles

The Army has beefed up the firepower of some of its Stryker fleet in Europe, with 30mm cannons on some and others with remote-firing Javelin missiles, making it better ready to take on light armored and armored threats. But adversaries are finding other ways to attack the platform — with cyber.

The annual report from the Director of Operational Test and Evaluation for the Defense Department provides a detailed overview of Army, Navy and Air Force programs. The Army section contains two dozen systems with reviews and recommendations.

Two of those reports look at the Stryker-Dragoon and the Stryker CROWS-J, or Common Remotely Operated Weapons Station – Javelin and notes that both have “cybersecurity vulnerabilities that can be exploited.”

The vulnerabilities highlighted in the report were not simply revealed in testing.

Fear of missing out?

Sign up for the Army Times Daily News Roundup to receive the top Army stories every afternoon.

Thanks for signing up.

By giving us your email, you are opting in to the Army Times Daily News Roundup.

While little detail is shared as to what vulnerabilities were exposed, which adversary exposed them or when this occurred, the shared language for the two systems and another comment point to something common in the hardware, not the new weaponry, on the Stryker.

“In most cases, the exploited vulnerabilities pre-date the integration of the lethality upgrades,” according to the report.

But the problem isn’t isolated to a handful of vehicles. It’s across what will be basically the fighting edge of the lead mechanized ground reconnaissance anti-armor unit that the Army has in Europe.

The Dragoon variant is the upgunned 30mm-cannon Stryker that emerged from Army decisions back in 2015 to give the vehicles more firepower for a perceived overmatch that soldiers in Europe were facing against Russian vehicles and weaponry.

Once all upgrades are complete, the 81 Stryker-Dragoons will make up half of the rifle and scout platoon fleets in the 2nd Cavalry Regiment.

Soldiers assigned to F Troop, 2nd Squadron, 2nd Cavalry Regiment move into position in Stryker Armored Fighting Vehicles as they conduct a demonstration for Latvian military families during the Latvian Battalion anniversary, May 28, 2017, at Adazi Military Base, Latvia. (Sgt. Paige Behringer/Army)

The other half of that fleet will be the CROWS-J variant. That system is an adapted version of a remote-firing system that’s been in use for years with other weapons but only recently modified to fire the Javelin on the Stryker.

Without it, soldiers had to dismount the Stryker, find their target and remote-fire the missile at the armor threat — a very 20th-century method for taking out tanks.

But even with the cyber gaps in the system, soldiers roundly preferred the upgunned and CROWS-J variants to their old platforms, the report noted from soldier feedback.

Todd South is a Marine veteran of the Iraq War. He has written about crime, courts, government and military issues for multiple publications for more than a decade. In 2014, he was named a Pulitzer finalist for local reporting on a project he co-wrote about witness problems in gang criminal cases. Todd covers ground combat for Military Times.